Can Israel turn off Iran with the flick of a switch? (5/30/2012)

A new computer virus worm has just been reported hitting mostly Iran. The virus is even more complex than the Stuxnet virus that had earlier hit and damaged Iranian nuclear facilities. On the matrix below the axis term is FLAME VIRUS. Who devised it? In the open text, crossing and sharing a letter with FLAME VIRUS is ISRAEL. Also sharing a letter with FLAME VIRUS is PREPARATION. The virus attack is a likely preparation for war. IRAN is at the same absolute skip as FLAME VIRUS, though in the opposite direction. The nature of the virus, a WORM is on the matrix at an ELS. The virus was used to shut down Iranian oil fields, and OIL is on the matrix in the open text. Finally, B. OBAMA is on the matrix at skip -1. He probably supports limited actions like this because, like the attack on Libya, it keeps U.S. troops out of battle (especially important in an election year). This web site also has a few matrices about the Stuxnet Virus. News coverage of the Flame Virus follows the statistical significance discussion after the matrix below.

STATISTICAL SIGNIFICANCE OF THE MATRIX. As per my standard protocol, no statistical significance is assigned to the axis term, hereFLAME VIRUSat its lowest skip. By far, the most significant term found was B. OBAMA. The 6-letter term shown is the only ELS in Torah at skip +/- 1 with either possible spelling (the preferred hey or the alef shown) for the last letter of his name. It appeared on the 551-letter matrix against odds of about 553 to 1, although only 96 letters were required to show the name and the axis term. Odds against a match that tight were about 3,175 to 1. The main suspect behind the virus is ISRAEL, which crosses and shares a letter with FLAME VIRUS. However due to Israel's very high frequency in Torah (591 times in the open text) is it is almost impossible to get a very high statistically significant value for it. There was about 1 chance in 12 that in the open text it would cross the axis term as shown here, and the odds that it would be somewhere in the open text on the 551-letter matrix were about 2 in 3.

PREPARATION was found at skip -2, which is not a special case skip. Although it shared a letter hey with the axis term, it was virtually certain to be somewhere on the matrix. More interesting was IRAN at the same absolute skip as FLAME VIRUS. The odds against one of two possible spellings of IRAN (4 or 5 letters) being on the matrix were about 33 to 1. Finally,WORM was on the matrix, but not at a special case skip. Four 5-letter synonyms were checked for it, and the odds against one of them being on the matrix were determined to be a little less than 5 to 1. OIL is on the matrix in the open text against odds of about 4 to 1. Overall the matrix existed against odds of about 618,539 to 1 which is quite significant (see the spreadsheet at the bottom of this article).

FLAME VIRUS HAD MASSIVE IMPACT ON IRAN, SAYS ISRAELI SECURITY FIRM.

The massive, complex virus, has been found to be infecting and stealing information from computers in Iran and Mideast countries.

The Flame computer virus not only stole large quantities of information from various Iranian government agencies, but apparently even disrupted its oil exports by shutting down oil terminals, information security firm Symantec Israel said yesterday.

The massive, complex virus, has been found to be infecting and stealing information from computers in Iran and Mideast countries. Symantec, which, along with Russian Internet security firm Kaspersky Lab, was among the first to report about Flame, said there was evidence that it had erased information from computer hard disks in Iran, and that this is what caused the shutdown at the oil terminals.

Iran's national computer emergency team, known as Maher, admitted the information theft yesterday, though not the terminal shutdowns. Maher said that Flame had managed to evade detection by 43 different anti-virus programs, despite its enormous size - 20 megabytes. By comparison, the Stuxnet computer worm that attacked Iran's nuclear program two years ago was only about one megabyte.

Maher said it has now managed to develop tools for protection against Flame. Maher, like Symantec and Kaspersky Lab, said that Flame was similar in sophistication to Stuxnet and the Duqu computer worm. Kaspersky said Flame uses a method of penetration previously used only by Stuxnet. The security experts also said the virus had other similarities to Stuxnet and Duqu. Iran has accused the United States and Israel of being behind both of those viruses.

Various information security firms said that Flame appears to have been in operation for at least two years. The Laboratory of Cryptography and System Security (CrySyS ) at Budapest University of Technology and Economics said it may have been active for as long as five to eight years.

Flame's capabilities include capturing screen shots and other information stored on computers. It can also eavesdrop on conversations via the infected computer's sound system.

In an interview with Army Radio yesterday morning, Vice Prime Minister Moshe Ya'alon said the effort to halt Iran's nuclear program justifies the use of all means, including sophisticated computer viruses. This statement was interpreted by many people in both Iran and other countries as an admission that Israel was behind Flame.

Yesterday afternoon, however, Ya'alon put out a statement on his Twitter account noting that Israel is far from the only country that both views Iran's nuclear program as a threat and has the capability to engage in cyber warfare.

Information security companies say they are convinced Flame was the work of a national government, inter alia because of its sophistication. Moreover, Kaspersky noted, most cyberattacks by ordinary criminals are aimed at either stealing money or, in the case of activist hackers, bringing down websites.

Shay Zalalichin, chief technology officer of the information security firm Comsec Consulting, told Haaretz that most viruses are designed to be small, to help them evade notice. Thus Flame's size might indicate that its makers were careless. On the other hand, it seems to have been much better controlled than Stuxnet, which spread to many computers well beyond its targets. Flame, in contrast, spread to only about 1,000 targets, which helped it to evade detection.

CrySyS added that the Flame's unusual size might even have been an advantage, because most anti-virus programs are not designed to look for a virus of that size. But now that Flame has been discovered, Zalalichin warned, the code is likely to be obtained by other countries that could never have developed anything so sophisticated on their own.